<%@ page language="java" import="java.sql.*" pageEncoding="UTF-8"%>

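<%
    // Stores one guestbook-style message: reads four request parameters and inserts
    // them as a row into the `message` table of the `webshopping` database.
    //
    // All four values are attacker-controlled request input. They are bound as
    // statement parameters below, which keeps them out of the SQL text, but they are
    // stored verbatim; any page that later renders them must HTML-escape them.
    // NOTE(review): `name` and `time` are taken from the client as-is. If they are
    // meant to be the logged-in user and the submission time, derive them on the
    // server (session / server clock) instead of trusting the request; confirm
    // against the calling form.
    // NOTE(review): no authentication or anti-CSRF check is visible in this page;
    // confirm one is enforced elsewhere (e.g. a filter) before this write runs.
    String name = request.getParameter("name");
    String title = request.getParameter("title");
    String time = request.getParameter("time");
    String message = request.getParameter("message");

    try {
        // Explicit driver load; only needed for older MySQL Connector/J versions.
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
        // Log the detail on the server; do not echo exception text to the client.
        application.log("MySQL JDBC driver could not be loaded", e);
        out.println("Database driver could not be loaded.");
    }

    // NOTE(review): the connection uses hard-coded root/root credentials. Move them to
    // container-managed configuration (e.g. a JNDI DataSource) and use a dedicated
    // account limited to the privileges this page needs.
    String url = "jdbc:mysql://localhost:3306/webshopping?useUnicode=true&characterEncoding=utf-8";
    String sql = "insert into message (username,messagetitle,messagetime,messagetext) values (?,?,?,?)";

    // try-with-resources closes the statement and the connection on every path,
    // including when prepareStatement/executeUpdate throws.
    try (Connection con = DriverManager.getConnection(url, "root", "root");
         PreparedStatement pstmt = con.prepareStatement(sql)) {
        // Bound parameters keep request data out of the SQL text (no SQL injection).
        pstmt.setString(1, name);
        pstmt.setString(2, title);
        pstmt.setString(3, time);
        pstmt.setString(4, message);

        pstmt.executeUpdate();
    } catch (SQLException e) {
        // SQL errors can reveal schema, host and account details, so they go to the
        // server log only; the client gets a generic failure message.
        application.log("Failed to insert row into message table", e);
        out.println("The message could not be saved.");
    }
%>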